Merge branch 'philipcunningham-add-meta-tag-validation-strategy-337009' into 'master'

Add support for meta tag DAST site validation

See merge request gitlab-org/gitlab!67553

doc/api/graphql/reference/index.md

@@ -14876,6 +14876,7 @@ Status of a container repository.
 | Value | Description |
 | ----- | ----------- |
 | <a id="dastsitevalidationstrategyenumheader"></a>`HEADER` | Header validation. |
+| <a id="dastsitevalidationstrategyenummeta_tag"></a>`META_TAG` | Meta tag validation. |
 | <a id="dastsitevalidationstrategyenumtext_file"></a>`TEXT_FILE` | Text file validation. |
 
 ### `DastTargetTypeEnum`

ee/app/graphql/types/dast_site_validation_strategy_enum.rb

@@ -4,5 +4,6 @@ module Types
   class DastSiteValidationStrategyEnum < BaseEnum
     value 'TEXT_FILE', description: 'Text file validation.', value: 'text_file'
     value 'HEADER', description: 'Header validation.', value: 'header'
+    value 'META_TAG', description: 'Meta tag validation.', value: 'meta_tag'
   end
 end

ee/app/models/dast_site_validation.rb

@@ -9,6 +9,8 @@ class DastSiteValidation < ApplicationRecord
   validates :dast_site_token_id, presence: true
   validates :validation_strategy, presence: true
 
+  validate :meta_tag_validation_must_happen_on_runner, if: :meta_tag?
+
   scope :by_project_id, -> (project_id) do
     joins(:dast_site_token).where(dast_site_tokens: { project_id: project_id })
   end
@@ -23,7 +25,7 @@ class DastSiteValidation < ApplicationRecord
 
   before_create :set_normalized_url_base
 
-  enum validation_strategy: { text_file: 0, header: 1 }
+  enum validation_strategy: { text_file: 0, header: 1, meta_tag: 2 }
 
   delegate :project, :dast_site, to: :dast_site_token, allow_nil: true
 
@@ -79,4 +81,11 @@ class DastSiteValidation < ApplicationRecord
   def set_normalized_url_base
     self.url_base = self.class.get_normalized_url_base(dast_site_token.url)
   end
+
+  def meta_tag_validation_must_happen_on_runner
+    return if ::Feature.enabled?(:dast_runner_site_validation, project, default_enabled: :yaml) &&
+              ::Feature.enabled?(:dast_meta_tag_validation, project, default_enabled: :yaml)
+
+    errors.add(:base, 'Meta tag validation is not enabled')
+  end
 end

ee/spec/models/dast_site_validation_spec.rb

@@ -15,6 +15,33 @@ RSpec.describe DastSiteValidation, type: :model do
   describe 'validations' do
     it { is_expected.to be_valid }
     it { is_expected.to validate_presence_of(:dast_site_token_id) }
+
+    context 'when strategy is meta_tag' do
+      shared_examples 'meta tag validation is disabled' do
+        subject { build(:dast_site_validation, validation_strategy: :meta_tag) }
+
+        it 'is not valid', :aggregate_failures do
+          expect(subject).not_to be_valid
+          expect(subject.errors.full_messages).to include('Meta tag validation is not enabled')
+        end
+      end
+
+      context 'when dast_meta_tag_validation is disabled' do
+        before do
+          stub_feature_flags(dast_meta_tag_validation: false)
+        end
+
+        it_behaves_like 'meta tag validation is disabled'
+      end
+
+      context 'when dast_runner_site_validation is disabled' do
+        before do
+          stub_feature_flags(dast_runner_site_validation: false)
+        end
+
+        it_behaves_like 'meta tag validation is disabled'
+      end
+    end
   end
 
   describe 'before_create' do
@@ -75,7 +102,7 @@ RSpec.describe DastSiteValidation, type: :model do
 
   describe 'enums' do
     let(:validation_strategies) do
-      { text_file: 0, header: 1 }
+      { text_file: 0, header: 1, meta_tag: 2 }
     end
 
     it { is_expected.to define_enum_for(:validation_strategy).with_values(validation_strategies) }